Go Phish – How to Protect Yourself from Phishing Attacks

When you connect to the internet, you should always do so with a VPN. IPVanish VPN will protect your online traffic with encryption, but it’s still important to navigate the web with caution and skepticism. Any information you submit to a third party is theirs to keep, so you need to limit what you share, and where you share it. This matters because of phishing. Here’s how phishing works, how it’s evolving, and the steps you should take to avoid falling victim.

Traditional Phishing Methods

Phishing scams originated over the phone. Callers would impersonate a representative of a trustworthy institution and trick people into giving out their credit card info. Today, phishing scams are an online bait-and-switch. They typically attempt to steal sensitive information such as login credentials and banking details by posing as a legitimate source.

They’re most often carried out through emails and social media platforms. Through these communication channels, scammers will pose as a friend or reliable company and share fraudulent links. When a phishing target clicks on the link, they’ll be directed to a counterfeit website. The website will look authentic down to the logos and interface. This is done to give the target a false sense of confidence, in hopes that they’ll mistakenly enter sensitive personal information.

Despite these familiar elements, traditional phishing attacks are not difficult to detect if you know what to look for. Common scams involve the threat of an account closure, the promise of money with no required effort, extreme discounts on products and services, and donation pleas following disasters or crises.

A New Phishing Method

Traditional phishing scams follow a somewhat predictable pattern. But recently, a new phishing scam was discovered, and it’s much more advanced than its predecessors. Uncovered by Fastlane founder Felix Krause, the new method preys on iPhone users and exploits a loophole in iOS.

The attack takes advantage of the iOS tendency to ask users for their Apple ID password. Usually, this happens to confirm OS updates or app downloads. Because Apple is a trusted source and these requests occur so often, most users enter this password without thinking twice. The new phishing method recreates Apple’s sign-in prompt and attempts to obtain user passwords for illegitimate reasons. It appears inside apps.

Unlike traditional phishing methods, which are often riddled with spelling errors and seem too good to be true, the Apple ID method doesn’t have any immediate telltale signs. When placed next to the legitimate sign-in prompt, the fake looks identical.

This is concerning because Apple has a strong privacy and security reputation, and mobile devices are rarely targeted by phishing attacks. It’s also surprising considering that Apple thoroughly vets third-party apps before they’re made available to the masses. But as Krause explains, it’s not unheard of for developers to implement new code after an app has been approved. In the past, these were minimal, harmless additions. But now cyber criminals seem to be flipping the script.

How to Avoid Phishing Attacks

When it comes to traditional phishing attacks, looking out for poor grammar, avoiding questionable links, and trusting your instincts will serve you well. If it sounds fake, it probably is. Even if it looks like it’s from someone you trust, double-check just to be safe. If the message or offer is from a friend or family member, contact them through another channel to confirm. And if it’s from a business where you have a legitimate account, manually navigate to their sign-in page and look into your account details.

But what about the Apple ID fakeout? If you’re an iPhone user, you’re trained to follow the sign-in prompt. Next time you see it, don’t follow it; hit the home button instead. A legitimate prompt will remain on screen and the app will remain open. If the app and prompt close, it’s a phishing scam. To err on the side of caution, don’t ever enter your Apple ID password when prompted. Instead, dismiss the prompt and provide the authorization in your iOS settings.